胖鼠采集(Fat Rat Collect) Security & Risk Analysis

wordpress.org/plugins/fat-rat-collect

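胖鼠采集(Fat Rat Collect) is a collection tool that helps automate your website. It supports collection from WeChat, Jianshu, Zhihu, custom list pages and custom detail pages, along with many other distinctive features. It can also collect historical articles with one click and set up automatic collection and automatic publishing with one click, saving you effort. Come and try it out!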

1K active installs v2.7.5 PHP 7.2+ WP 4.6+ Updated Oct 30, 2025
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Nov 12, 2024
Safety Verdict

Is 胖鼠采集(Fat Rat Collect) Safe to Use in 2026?

Generally Safe

Score 99/100

胖鼠采集(Fat Rat Collect) has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Nov 12, 2024 · Updated 5mo ago
Risk Assessment

The "fat-rat-collect" plugin v2.7.5 presents a mixed security posture. On the positive side, the code shows good practices regarding SQL query preparation (84%) and output escaping (98%), and it has no critical or high severity vulnerabilities in its history. The absence of taint analysis issues and the presence of nonce and capability checks are also encouraging signs. However, there are notable concerns. The plugin exposes a single unprotected AJAX handler, which is a significant entry point for potential attacks without proper authorization. While there are no currently unpatched CVEs, the plugin has a history of two medium-severity vulnerabilities, specifically Cross-site Scripting and Missing Authorization. This history, combined with the unprotected AJAX endpoint, suggests a recurring pattern of authorization and input validation issues that require careful monitoring. Overall, while the plugin has made progress in some security areas, the unprotected AJAX handler and past vulnerability trends warrant caution.

Key Concerns

  • Unprotected AJAX handler found
  • History of 2 medium severity CVEs
  • Past vulnerabilities include XSS and Missing Auth
Vulnerabilities
2

胖鼠采集(Fat Rat Collect) Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE
(Chart legend: Patched / Has unpatched)

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-10577 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Fat Rat Collect <= 2.7.3 - Reflected Cross-Site Scripting

Nov 12, 2024 · Patched in 2.7.4 (8d)

CVE-2023-35045 · medium · 5.3 · Missing Authorization

Fat Rat Collect <= 2.6.0 - Missing Authorization

Jun 14, 2023 · Patched in 2.6.1 (223d)
Code Analysis
Analyzed Mar 16, 2026

胖鼠采集(Fat Rat Collect) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 10 (51 prepared)
Unescaped Output: 1 (48 escaped)
Nonce Checks: 1
Capability Checks: 3
File Operations: 2
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

84% prepared · 61 total queries

Output Escaping

98% escaped · 49 total outputs
Attack Surface
1 unprotected

胖鼠采集(Fat Rat Collect) Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_frc_interface · fatratcollect.php:297

WordPress Hooks 9

action · plugins_loaded · fatratcollect.php:143
action · admin_enqueue_scripts · fatratcollect.php:175
action · admin_menu · fatratcollect.php:268
filter · cron_schedules · fatratcollect.php:374
action · frc_cron_spider_hook · fatratcollect.php:385
action · frc_cron_release_hook · fatratcollect.php:395
action · publish_post · includes\fatrat-kit.php:28
action · publish_post · includes\fatrat-kit.php:113
filter · the_content · includes\fatrat-kit.php:135

Scheduled Events 2

frc_cron_spider_hook
frc_cron_release_hook
Maintenance & Trust

胖鼠采集(Fat Rat Collect) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Oct 30, 2025
PHP min version: 7.2
Downloads: 72K

Community Trust

Rating: 94/100
Number of ratings: 46
Active installs: 1K
Developer Profile

胖鼠采集(Fat Rat Collect) Developer Profile

KitePig

1 plugin · 1K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 116 days
Detection Fingerprints

How We Detect 胖鼠采集(Fat Rat Collect)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fat-rat-collect/public/css/bootstrap.min.css
/wp-content/plugins/fat-rat-collect/public/css/fatrat.css
/wp-content/plugins/fat-rat-collect/public/js/bootstrap.min.js
/wp-content/plugins/fat-rat-collect/public/js/fatrat.js
Version Parameters
fat-rat-collect/public/js/fatrat.js?ver=

HTML / DOM Fingerprints
